From a52e102bfb7d6e414988a57af15cc804df92e6ea Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Wed, 16 May 2018 14:00:46 +0200 Subject: [PATCH] Ensure more fds are opened O_CLOEXEC so they are not accidentally inherited --- common/flatpak-exports.c | 2 +- common/flatpak-run.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/common/flatpak-exports.c b/common/flatpak-exports.c index 36fb44bd..de267178 100644 --- a/common/flatpak-exports.c +++ b/common/flatpak-exports.c @@ -419,7 +419,7 @@ check_if_autofs_works (const char *path) int res; int wstatus; - if (pipe (selfpipe) == -1) + if (pipe2 (selfpipe, O_CLOEXEC) == -1) return FALSE; fcntl (selfpipe[0], F_SETFL, fcntl (selfpipe[0], F_GETFL) | O_NONBLOCK); diff --git a/common/flatpak-run.c b/common/flatpak-run.c index aa667624..0d44efef 100644 --- a/common/flatpak-run.c +++ b/common/flatpak-run.c @@ -649,7 +649,7 @@ add_bwrap_wrapper (FlatpakBwrap *bwrap, struct dirent *dent; g_autofree char *proxy_socket_dir = g_build_filename (g_get_user_runtime_dir (), ".dbus-proxy/", NULL); - app_info_fd = open (app_info_path, O_RDONLY); + app_info_fd = open (app_info_path, O_RDONLY | O_CLOEXEC); if (app_info_fd == -1) return glnx_throw_errno_prefix (error, _("Failed to open app info file")); @@ -747,7 +747,7 @@ start_dbus_proxy (FlatpakBwrap *app_bwrap, proxy_start_index = proxy_bwrap->argv->len; - if (pipe (sync_fds) < 0) + if (pipe2 (sync_fds, O_CLOEXEC) < 0) { g_set_error_literal (error, G_IO_ERROR, g_io_error_from_errno (errno), _("Unable to create sync pipe"));